We all have a variety of apps and services that we sign-in using Google. These Google-connected apps range from email to maps and even Alexa. But what if you no longer want these apps to access your Google Account? This tutorial will help you know which apps are accessing your account so that you can turn them off.
Why Grant Google Access
You’ve probably noticed that you can log in with your Google account when you sign up for some online services. This often makes it easier, so you don’t have to remember another password. It could also be the service needs to access some Google service or components like your contacts, Google Analytics, Google Calendar, etc. It’s become so familiar that we seldom pause when granting access.
Apps with Access to Your Account
Apart from approved applications, some “bad actors” like to devise ways to gain access. These attempts can come in many forms, so it’s a good practice to check which apps have access. A recent phishing attack made me review who I granted access to, including third-party apps. It was enlightening as there were online services that I’d stopped using. And some that I couldn’t remember. It allowed me to do a security checkup.
How to Check Google Account Access
I should mention that Google has several security tools. This “apps with access” page is part of a larger umbrella that you can find at https://myaccount.google.com/security.
- In your browser, go to https://myaccount.google.com/permissions
- You’ll see a list of current services (1) you’ve allowed and their permissions (2). In my example below, you’ll see they’re not all Google apps. I have an Amazon Echo (3), which can access certain features. I can say, “Alexa, what’s my next appointment?” and she reads my Google Calendar.
- If you see an item, you don’t need or recognize, you can click it to get more details. The panel will expand with more information, including the app’s name (1), access rights (2), and date you approved access (3).
- In this case, I know the Optimizely app, but I no longer need the functionality so I can click the REMOVE button to revoke access.
Levels of Access
As you can see above, there are multiple access levels. Some access is minimal, whereas other apps have “full access.” Full access isn’t entirely correct as these apps can’t change your pop-up settings or change browser notifications. All the same, you need to be careful and trust the apps that have this level of access.
Another item to review is whether an app has “read and write access.” Many legitimate apps do. For example, you may have a phone app that automatically updates Facebook with how many miles you ran or your sleep.
My rule of thumb is if you don’t know the app, remove it. If revoking access breaks something, the app will let you know it needs to reauthorize.
What is this App or Service?
The biggest issue I’ve encountered is not recognizing an app or service. For example, I spotted this one – Project Default Service Account.
I haven’t a clue what it is, even considering the Authorization date. If I Google “Project Default Service Account,” I see several suggestions.
- A developer who used a default name when generating an application using the Android SDK.
In this case, I’ll remove the authorization and see if some app stops functioning. Better safe than sorry.
This tutorial just focused on Google Account security. Now might be the time to look at other services you use, such as Facebook, to see if the same problems exist.